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Bye, Bitcoin: Criminals Seek Other Crypto Currency 


Law enforcement crackdowns, hack attacks, and market volatility drive Russian fraudsters to mint 

their own virtual currency systems. 


When it comes to profiting from ill-gotten gains, have bitcoins become passel 

That appears to be the prevailing attitude on some leading Russian cybercrime forums, which have ditched well- 
known virtual currencies — including Perfect Money and Bitcoin — in favor of forum-specific alternatives, which 
administrators claim offer higher levels of anonymity, security, and reliability. 

Blame the shift, at least partly, on the Justice Department's takedown of Liberty Reserve, which was a Costa Rica- 
based virtual currency system that sported one million users. After it was closed, criminals needed to find new ways 
to move money and store stolen funds — preferably without having their profits picked off by either rivals or 
investigators. "Ever since the Liberty Reserve takedown in May of last year and the confiscation of all accounts by 
law enforcement, fraudsters have been busy finding a solid currency to which they can entrust their spoils without 
the risk of losing them in a bust," said RSA fraud intelligence analyst Daniel Cohen in a blog post. 

Why not simply use existing virtual currency options? While Perfect Money and Bitcoin would seem to be "the 
obvious choices" for cybercriminals, said Cohen, "Perfect Money is of questionable background, while Bitcoin does 
not provide fraudsters the required level of anonymity and is not immune to seizure." For example, US prosecutors 
in November seized bitcoins worth more than $34.1 million from users of the "darknet" narcotics marketplace 

known as Silk Road. 

[Target's breach has driven propoals for new ways to exchange funds, but none hit the bull's-eye. Learn Wh y 

Alternate Payment Schemes Get No Love .] 

Criminals also risk having their bitcoin hordes stolen by rivals. Last week, for example, the administrator of a 
darknet site known as Silk Road 2 — which, like its namesake, serves as a marketplace for buying and selling 
narcotics — said that the site had been hacked, and all of its users' bitcoins stolen, the BBC reported . 

According to a forum post from a Silk Road 2 administrator (who goes by "Defcon"), one of the site's vendors made 
off with the bitcoin haul — worth an estimated $2.7 million — by exploiting a recently discovered vulnerability 
involving transaction malleabilit y. The heist led a number of bitcoin exchanges to suspend operations until they 
bolster their defenses. "I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the 
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malleability issue was reported. I was slow to respond and too sceptical (sic) of the possible issue at hand," Defcon 

said in a forum posting. 

Those bitcoin exchange suspensions have recently driven the value of a bitcoin to less than $300 on Mt Gox — which 
typically handles about one-fifth of the world's bitcoin trades — compared to the currency being valued Tuesday on 
other exchanges at about $630. Still, that's down from the $1,200 commanded by a bitcoin back in November. 

That market volatility is likely another reason why many criminals have opted for an alternative cryptographic 
currency, digital currency expert Michael Jackson, a former COO at Skype, told The Re g ister . "It suggests that 
criminals don't trust Bitcoin — I hope this is because they think the police will find them, but I suspect it's more to do 
with the fact that they don't like volatility. Even an online dope seller wants predictability in his business." 



Photo credit: zcoplev. 



Sponsored Content 
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A guide to prevention, response, and recovery 

Brought to you by Barkly 


What's arguably even better for criminals, however, is anonymity. "Buyers and sellers of crimeware services have 
long had anonymous handles with which to do business," said Sean Sullivan, security advisor at F-Secure Labs, via 
email. "Anonymity has allowed crimeware to evolve into a highly commoditized ecosystem. Having its own 

currency system adds another layer of anonymity." 

Cybercriminals, however, are likely still using bitcoins for some purposes. "They probably aren’t avoiding bitcoins 
other than when it comes to buying and selling crimeware services," Sullivan said. "They are all probably invested in 

Bitcoin in order to move and launder 'real' money." 

What's on offer for criminals seeking Bitcoin and Perfect Money alternatives? To date, RSA said it's been tracking 
three Russian-built currency systems — MUSD, United Payment System, and UAPS — all of which are tailor-made 
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to help criminals evade law enforcement agencies. "These new internal currencies are carefully administered and 
secured, ensuring a high level of anonymity in transaction and hiding the user identities, making it more difficult for 
law enforcement to trace, block, or seize funds and accounts," RSA's Cohen said. The services allow users to deposit 

funds and cash out their holdings, sometimes to a prepaid credit card. 

So far, the most advanced option appears to be UAPS — a.k.a. the "First Commercial Bank" — which first appeared 
more than a year ago on a Russian cybercrime forum. The currency system reportedly sports its own development 
team, gets frequent updates, and, per its data-retention policy, holds related data for only two months before purging 

it from the system. 

Four different cybercrime boards, meanwhile, appear to have standardized on the United Payment System currency 
system. According to RSA, each board has its own exchange agent, who's overseen by a site administrator charged 
with keeping the dealings "honest." That approach highlights how cybercrime forums rely on members to stay 
straight with each other. "Doing business with crimeware suppliers is based on trust — karma systems, feedback — 
like [on] eBay," Sullivan said. "Buyers rate sellers. A currency provider will have to earn trust — and heaven help 

him if he breaks that trust with a large number of cybercriminals." 

The MUSD currency first appeared in November 2013. It's only being used on one forum, and it allows users to buy 
or sell services, as well as procure forum advertising. The currency's developers say their system offers anonymity, a 
built-in escrow service, and the ability to cash out the currency in person. "Two verified exchange agent services 
currently work with MUSD in this board, with one offering to cash out MUSD for hard currency in person at an 

office in Kiev, Ukraine," said Cohen. 

On a related note, Russian authorities have recently been signaling that they'll crack down on users of any type of 
virtual currency, including bitcoins. "Citizens and legal entities risk being drawn — even unintentionally — into 
illegal activity, including laundering of money obtained through crime, as well as financing terrorism," according to 

a warning issued last month by Russia's central bank. 

Earlier this month, Russian authorities warned that only rubles are legal tender inside Russia, and that trading in 
bitcoins is illegal. "Systems for anonymous payments and cybercurrencies that have gained considerable circulation - 
- including the most well-known, Bitcoin — are money substitutes and cannot be used by individuals or legal 
entities," according to a statement bv the Russian Prosecutor General's Office . 

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your 
information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, 
but corporate culture also plays a central role in stopping a big breach. (Free registration required.) 

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014. View Full 
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Notwithstanding the negative nellie approach to cryptocurrencies, Bitcoin will always be remembered for 
causing the widespread soiling of jockey shorts worn by members of the Federal Reserve, Greenspan, 

Bemanke and other keepers of the fiat money cartel. 
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It would be fitting if cybercriminals took to using actual cans of Hormel Spam as currency. 
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Re: Why tie to physical location? 

This is one area where technology is not being used for the good of society. The easiest way to limit illegal 
activities is by limiting/restricting free movement of finance. However, it is not all negative as technology that 
enables agencies to detect narcotics using sensors etc restores some of the balance. 


I feel since Bitcoin is not doing too good even for legal activities, I wonder whether another crypto currency will 
every gain the kind the hype and value that Bitcoin gained during the month of November last year. 
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Re: Why tie to physical location? 

Good question. These are add-ons to Russian-language cybercrime forums. It doesn't mean that the admins or 
users reside in Russia. But if they do, they might want a way to cash out large amounts of money in rubles, for 

local spending. 
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Why tie to physical location? 

Mat, why would a group looking to launch a cyber-currency tie itself to a specific country, especially Russia? 
The U.S., EU and China also seem like bad bets. It's CYBER after all, so why not be completely separate from 

any physical location? 
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CVE-2017-0290 

Published: 2017-05-09 

NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as 
used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a 
denial of service (type confusion and application crash) via crafted JavaScript code within ... 


CVE-2016-10369 

Published: 2017-05-08 

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a 
denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access 

control). 


CVE-2016-8202 

Published: 2017-05-08 

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS 
(FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges 
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of user accounts accessing the system via command line interface. With affected version... 

CVE-2016-8209 

Published: 2017-05-08 

Improper checks for unusual or exceptional conditions in Brocade Netlron 05.8.00 and later releases up to 
and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow 
attackers to cause a denial of service (crash and reload) of the management module. 

CVE-2017-0890 

Published: 2017-05-08 

Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the 
search module. To be exploitable a user has to write or paste malicious content into the search dialogue. 
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